
Black Hat | Black Hat Asia 2014: Focus on Windows Exploits

Many would agree that "Microsoft Windows" and "exploits" go together like chocolate and peanut butter. Indeed, Black Hat Asia 2014 will host several Briefings which explore potential attack vectors and vulnerabilities of Microsoft's most popular products.

Microsoft's Internet Explorer isn't quite the hot mess it was a few versions ago, and IE10 introduced Enhanced Protected Mode (EPM), an improved version of the browser's Protected Mode sandbox. So, the obvious question: How secure is it? Mark Vincent Yason has been hard at work poking and prodding the EPM sandbox, and is ready to report his findings in Diving Into IE 10's Enhanced Protected Mode Sandbox. He'll dive deep into the sandbox's internals, showing you its deepest inner workings and its limitations, as well as the methodology he used to expose this info. In classic Black Hat fashion, he'll wrap by demonstrating a working EPM sandbox escape exploit, and walk you through its discovery. Gettin' better, Microsoft, but you're not there yet.

This next Briefing takes a different approach to breaching Microsoft security. When flaws and exploits emerge in Microsoft products and the security hits the fan, the company has a history of issuing so-called "Fix It" patches that attempt to take care of the immediate threat. The In-Memory Fix It is one recently documented variation on the concept. In Persist It: Using and Abusing Microsoft's Fix It Patches, Jon Erickson will share his research on these in-memory patches. Through reverse engineering, he's gained the ability to create new patches which can maintain persistence on a host system. Microsoft's Fix Its may need a fix themselves.